EP1815634B1 - Data security in a mobile e-mail service - Google Patents

Data security in a mobile e-mail service Download PDF

Info

Publication number
EP1815634B1
EP1815634B1 EP05813045.1A EP05813045A EP1815634B1 EP 1815634 B1 EP1815634 B1 EP 1815634B1 EP 05813045 A EP05813045 A EP 05813045A EP 1815634 B1 EP1815634 B1 EP 1815634B1
Authority
EP
European Patent Office
Prior art keywords
mobile terminal
connectivity function
activation code
encryption information
service activation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP05813045.1A
Other languages
German (de)
French (fr)
Other versions
EP1815634A1 (en
EP1815634A4 (en
Inventor
Ari Backholm
Seppo Salorinne
Marko Ketonen
Lauri Vuornos
Marcus Groeber
Jukka Ahonen
Antti Saarilahti
Petri Salmi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seven Networks Inc
Original Assignee
Seven Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to FI20045451A priority Critical patent/FI119581B/en
Priority to FI20055038A priority patent/FI118288B/en
Priority to US65108205P priority
Priority to US65097505P priority
Application filed by Seven Networks Inc filed Critical Seven Networks Inc
Priority to PCT/FI2005/050426 priority patent/WO2006053954A1/en
Publication of EP1815634A1 publication Critical patent/EP1815634A1/en
Publication of EP1815634A4 publication Critical patent/EP1815634A4/en
Application granted granted Critical
Publication of EP1815634B1 publication Critical patent/EP1815634B1/en
Application status is Active legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages
    • H04L51/38Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages in combination with wireless systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/001Protecting confidentiality, e.g. by encryption or ciphering
    • H04W12/0013Protecting confidentiality, e.g. by encryption or ciphering of user plane, e.g. user traffic

Description

    BACKGROUND OF THE INVENTION
  • The invention relates to methods and equipment for establishing data security in an e-mail service between an e-mail server and a mobile terminal.
  • Data security in an e-mail service is achieved by using cryptographic techniques in which traffic in a potentially insecure channel is encrypted using cryptographic information, commonly called encryption keys. A problem underlying the invention relates to distributing such encryption information. Prior art techniques for distributing the encryption information are commonly based on public key encryption techniques, such as Diffie-Hellman. A problem with this approach is that the parties have to trust the underlying mobile network and its operator, which they are surprisingly reluctant to do. Another problem is that mobile terminals tend to have small and restricted user interfaces.
  • US2002/949818 discloses a system and method for pushing information from a host system to a mobile data communication device upon sensing a triggering event. A redirector program operating at the host system enables a user to continuously redirect certain user-selected data items from the host system to the user's mobile data communication device upon detecting that one or more user-defined triggering events has occurred. The redirector program operates in connection with event-generating applications and repackaging systems at the host system to configure and detect a particular user-defined event, and then to encrypt and repackage the user-selected data items in an electronic wrapper prior to pushing the data items to the mobile device.
  • BRIEF DESCRIPTION OF THE INVENTION
  • An object of the present invention is to provide a method and an apparatus for implementing the method so as to alleviate the above problems. The object of the invention is achieved by the method and computer program as set out in the independent claims. Preferred embodiments of the invention are disclosed in the dependent claims.
  • The invention is partially based on the discovery of a surprising problem that has been found as a result of extensive market research. Although clients of mobile networks normally trust their mobile operators as regards voice calls, they are surprisingly reluctant to trust the mobile operators as regards data services, such as e-mail service. The reluctance to trust mobile operators in respect of data services makes public-key interchange schemes unattractive.
  • The encryption information and the identifier of the mobile terminal are combined into a service activation code, which also includes checksum information so as to detect an incorrectly entered service activation code.
  • In an embodiment, the secure channel for conveying the encryption information is implemented as follows. The user of the mobile terminal may have a host system, such as an office terminal, which is coupled to the connectivity function via a private network. The private network requires authentication in order to grant access to users. In this embodiment the mobile terminal generates the encryption information and displays it on its display, and the user enters the encryption information to the host system that is coupled to the private network.
  • Alternatively, the mobile terminal user may have a trust relation with another person, such as a support technician, who is authenticated in the private network. For example, trust relation may be established in a voice call in which the support technician recognizes the voice of the mobile terminal user. The mobile terminal user then dictates the encryption information to the support technician who enters it via a host system coupled to the private network.
  • Thus the secure channel from the mobile terminal to the connectivity function comprises a short segment over which the encryption information is conveyed off-line to a human user that may be the user of the mobile terminal or someone who trusts him/her. The off-line segment is a segment that is detached from public networks and is immune against hacking or eavesdropping via public networks. The off-line segment is implemented visually, such that the mobile terminal displays the encryption information on its display, and the user enters it into a terminal of the private network. In examples which are not embodiments of the present invention, the encryption information may be conveyed on a detachable memory or via a short-range microwave connection, an example of which is known as Bluetooth. The secure channel may also comprise a segment spanned by a conventional voice call, if the mobile terminal user is distant from a terminal of the private network.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • In the following the invention will be described in greater detail by means of preferred embodiments with reference to the attached drawings, in which
    • Figure 1 shows an exemplary system architecture in which the invention can be used;
    • Figure 2 shows procedure steps for establishing a secure connection.
    DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
  • The invention is applicable to virtually any mobile e-mail system architecture. Figure 1 shows an exemplary system architecture which is supported by the owner of the present application. Reference numeral 100 denotes a host system that is able to send an receive e-mail messages. Reference numeral 102 denotes a mobile terminal, also able to send an receive e-mail messages. The e-mail messages may originate or terminate at external e-mail terminals, one of which is denoted by reference numeral 104.The invention aims at improving cooperation between the host system 100 and mobile terminal 102 such that they can use a single e-mail account as transparently as possible. This means, for example, that the users of the external e-mail terminals 104, when sending or receiving e-mail, do not need to know if the user of the host system 100 actually uses the host system 100 or the mobile terminal 102 to communicate via e-mail. The transparency also means that e-mail manipulation at the mobile terminal 102 has, as far as possible, the same effect as the corresponding e-mail manipulation at the host system 100. For example, e-mail messages read at the mobile terminal 102 should preferably be marked as read at the host system.
  • Reference numeral 106 denotes a data network, such as an IP (Internet Protocol) network, which may be the common Internet or its closed subnet-works, commonly called intranets or extranets. Reference numeral 108 denotes an e-mail server and its associated database. There may be separate e-mail servers and/or server addresses for incoming and outgoing e-mail. The database stores an e-mail account, addressable by means of an e-mail address, that appears as a mailbox to the owner of the e-mail account. In order to communicate with mobile terminals 102, the data network 106 is connected, via a gateway 112 to an access network 114. The access network comprises a set of base stations 116 to provide wireless coverage over a wireless interface 118 to the mobile terminals 102.
  • Reference numeral 110 denotes a messaging centre that is largely responsible for providing the above-mentioned transparency between the host system 100 and the mobile terminal 102. The system architecture also comprises a connectivity function 120, whose task is to push e-mail messages to the mobile terminal. In the embodiment shown in Figure 1, the connectivity function 120 is considered a physically integral but logically distinct element of the messaging centre 110.
  • The mobile terminal 102 may be a pocket or laptop computer with a radio interface, a smart cellular telephone, or the like. Depending on implementation, the host system 100, if present, may have different roles. In some implementations the host system 100 is optional and may be a conventional office computer that merely acts as the mobile terminal user's principal computer and e-mail terminal. In other implementations the host system may act as a platform for a single user's connectivity function, in addition to being an office computer. In yet other implementations the host system 100 may comprise the connectivity function for several users. Thus it is a server instead of a normal office computer.
  • We assume here that the access network 114 is able to establish and maintain a tunnel 122 between the messaging centre 110 and the mobile terminal 102. For instance, the tunnel may be set up using GPRS Tunnelling Protocol (GTP) or its later derivatives, or any other suitable tunnelling protocol.
  • Figure 1 shows an embodiment in which the messaging centre 110 is largely responsible for e-mail transport to/from the mobile terminal 102 via the access network 114, while a separate connectivity function 120 is responsible for data security issues. The connectivity function 120 may be physically attached to or co-located with the messaging centre 110, but they are logically separate elements. Indeed, a definite advantage of the separate connectivity function 120 is that it can be detached from the messaging centre, for instance, within the company that owns the host system 100 or the e-mail server 108. For a small number of users, the connectivity function 120 can be installed in each host system 100, or the host system 100 can be interpreted as a separate server configured to support multiple users. It is even possible to implement some or all the above-mentioned options. This means, for example, that there is one or more messaging centres 110 that offer services to several network operators, or they may be a dedicated messaging centre for each network operator (somewhat analogous to short messaging centres). Each messaging centre 110 may have an integral connectivity function 120 to support users who don't wish to install a separate connectivity function in a host system 100. For users who do install a separate connectivity function 120 in their host systems 100, such connectivity functions bypass the connectivity function in the messaging centre 110 and address the messaging centre 110 directly.
  • A real e-mail system supports a large number of mobile terminals 102 and tunnels 122. In order to keep track of which e-mail account and which tunnel belongs to which mobile terminal, the messaging centre 110 and the connectivity function collectively maintain an association 124, 124' for each supported mobile terminal. Basically, each association 124, 124' joins three fields, namely an e-mail address 124A assigned to the mobile terminal or its user, encryption information 124C and a temporary wireless identity 124D of the mobile terminal in the access network. The embodiment shown in Figure 1 also employs a terminal identifier 124B which may be the same as the e-mail address 124A of the mobile terminal 102, in which case the association 124 actually associates three information items. Alternatively, the terminal identifier 124B may be an identifier arbitrarily assigned to the mobile terminal. In a preferred implementation the terminal identifier 124B is the mobile terminal's equipment identifier or its derivative. The encryption information 124C is preferably related to the mobile terminal's equipment identity and is preferably generated by the mobile terminal itself, so as to ensure that no other terminal besides the one used for creating the encryption information 124C will be able to decrypt incoming encrypted e-mail messages. The temporary wireless identity 124D may be the identifier of the tunnel 122 to the mobile station. Of course, the tunnel identifier is not permanent and is only known when a tunnel exists.
  • Figure 2 shows a secure e-mail provisioning technique in which the host system 100 authenticates the user of the mobile terminal 102. In step 2-1 the client software in the mobile terminal 102 generates and displays a service activation code. In step 2-2 the host system 100 authenticates the person who enters the service activation code. Instead of a dedicated authentication step, the technique may rely on the authentication of the underlying e-mail system, such as user name and password combination. After all, the e-mail provisioning need not be more secure than the underlying e-mail system. In step 2-3 the service activation code is then conveyed off-line to the host system 100. The idea of the off-line communication is to eliminate any chance of eavesdropping before secure a communication channel can be established. For instance, the service activation code may be entered manually or via a local connection, such as a wired or optical interface or a short-range wireless interface, such as Bluetooth™. Finally, in step 2-4, the mobile terminal's service activation code is registered with the connectivity function 120.
  • The service activation code is closely related to an encryption key to be used in future communications between the connectivity function 120 and the mobile terminal 102. The service activation code and the encryption key may be identical, or one may be a subset of the other, or the encryption key may be derived from the service activation code by means of some, preferably unpublished, algorithm. The fact that the service activation code and the encryption key are closely related to each other ensures that the terminal used in the authentication process is the terminal used to access the e-mail service after-wards.
  • Thus the idea of conveying the service activation code to the connectivity function 120 via the host system 100 solves both the security-related and user interface-related problems mentioned above. If there is no host system 100 that can authenticate the mobile terminal and its user. Instead, the user may enter the provisioning data to the connectivity function via some suitable connection. The provisioning data entered by the user may be checked by sending a trial e-mail message and attempting to read it. If the check succeeds, it is regarded as the authentication. Yet another way is to convey the service activation code to a dedicated support person who performs the authentication (eg by recognizing the person's face or voice) and enters the service activation code into the connectivity function 120. The connectivity function 120 now stores an association (item 124 in Figure 1) between the e-mail address 124A and encryption information 124C.
  • The mobile terminal preferably generates the service activation code based on the encryption key, the mobile terminal's identifier and a checksum. A benefit of the checksum is that invalid service activation codes can be detected, considering the fact that the service activation code may be conveyed via channels that are immune to electrical eavesdropping but very prone to human errors. For example, the service activation code may be read visually from the mobile terminal's display and entered manually into another terminal.
  • The mobile terminal's identifier can be its IMEI, IMSI, MSISDN, or other network identifier. A benefit of encoding the mobile terminal's identifier and the encryption key into the service activation key is that the connectivity function 120 needs both to communicate with the mobile terminal. The connectivity function 120 needs the mobile terminal's identifier in order to send data to the mobile terminal. The connectivity function 120 also needs the encryption key because it is the mobile terminal's peer entity as regards encryption. As soon as the connectivity function 120 receives knowledge of the mobile terminal's identifier and the encryption key, it can send the mobile terminal a first message comprising service provisioning settings, after which it can begin sending user traffic, such as new e-mail messages, calendar information and the like.
  • As stated in the description of Figure 1, there are several possible implementations for the connectivity function 120. For example, it can be installed in a public data network, such as the Internet, as a physically integral element of the messaging centre 110 but logically distinct from it. It can also be installed in a company's private network within a firewall. It can be installed as a process in each mobile terminal user's office computer, or one common server can support all mobile users of the company, somewhat analogously to a company's e-mail server. The advantages of the invention are easiest to see when the connectivity function is dedicated to a particular company and is located within the company's firewall. This is because in this implementation there are several connectivity functions, and the mobile terminal has no a priori knowledge of which one it should connect to. A coarse solution to this problem is requesting this information from the user, but entering exact configuration information via a small user interface is one of the problems this invention attempts to solve.
  • It is readily apparent to a person skilled in the art that, as the technology advances, the inventive concept can be implemented in various ways. The invention and its embodiments are not limited to the examples described above but may vary within the scope of the claims.

Claims (6)

  1. A method for conveying e-mail traffic between an e-mail server (108) and a mobile terminal (102), wherein the mobile terminal has an e-mail address (124A) under the e-mail server and a permanent identifier (124B) and a temporary identity (124D) in an access network (114), the method comprising:
    - installing a connectivity function (120) which is operationally coupled to the e-mail server (108) and the access network (114), wherein the connectivity function (120) is configured to encrypt e-mail traffic to the mobile terminal and decrypt e-mail traffic from the mobile terminal, by using encryption information (124C);
    - generating (2-1) a service activation code at the mobile terminal, wherein the service activation code is generated by the mobile terminal based on the permanent identifier (124B) of the mobile terminal, the encryption information (124C) and checksum information;
    - displaying the service activation code on a display of the mobile terminal (102);
    entering the displayed service activation code into an authenticating terminal (100);
    - conveying (2-4) the entered service activation code from the authenticating terminal to the connectivity function (120), so as to provide the connectivity function with the permanent identifier (124B) of the mobile terminal and the encryption information (124C);
    - establishing an encrypted data channel (122) between the connectivity function (120) and the mobile terminal (102), based on the permanent identifier (124B) of the mobile terminal and the encryption information (124C).
  2. A method according to claim 1, wherein the encryption information is based on the permanent identifier (124B) of the mobile terminal.
  3. A method according to claim 1, wherein the encrypted data channel (122) is established by the connectivity function (120) sending the mobile terminal (102) a message comprising service provisioning settings using the permanent identifier (124B) of the mobile terminal and the encryption information (124C).
  4. A method according to claim 1, wherein the connectivity function is dedicated to a particular company and is located within that particular company's firewall.
  5. A method according to claim 1, wherein the encryption information can be derived from the service activation code by means of an algorithm.
  6. A computer program set on at least one carrier, the computer program set comprising:
    - a first routine for causing a mobile terminal (102) to generate (2-1) a service activation code based on a permanent identifier (124B) of the mobile terminal, encryption information (124C) and checksum information;
    - a second routine for displaying the service activation code on a display of the mobile terminal (102) such that the displayed service activation code can be entered into an authenticating terminal (100);
    - a third routine for conveying the entered service activation code from the authenticating terminal to a connectivity function (120), so as to provide the connectivity function with the permanent identifier (124B) of the mobile terminal and the encryption information (124C), wherein the connectivity function (120) is operationally coupled to an e-mail server (108) and an access network (114), wherein the connectivity function is configured to encrypt e-mail traffic to the mobile terminal and decrypt e-mail traffic from the mobile terminal, by using the encryption information (124C); and
    - a set of fourth routines for establishing an encrypted data channel (122) between the connectivity function (120) and the mobile terminal (102), based on the permanent identifier (124B) of the mobile terminal and the encryption information (124C).
EP05813045.1A 2004-11-22 2005-11-21 Data security in a mobile e-mail service Active EP1815634B1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
FI20045451A FI119581B (en) 2004-11-22 2004-11-22 The mobile station incoming and outgoing e-mail so communication
FI20055038A FI118288B (en) 2005-01-26 2005-01-26 Security mobile e-mail service,
US65108205P true 2005-02-09 2005-02-09
US65097505P true 2005-02-09 2005-02-09
PCT/FI2005/050426 WO2006053954A1 (en) 2004-11-22 2005-11-21 Data security in a mobile e-mail service

Publications (3)

Publication Number Publication Date
EP1815634A1 EP1815634A1 (en) 2007-08-08
EP1815634A4 EP1815634A4 (en) 2013-05-08
EP1815634B1 true EP1815634B1 (en) 2015-01-07

Family

ID=36406862

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05813045.1A Active EP1815634B1 (en) 2004-11-22 2005-11-21 Data security in a mobile e-mail service

Country Status (2)

Country Link
EP (1) EP1815634B1 (en)
WO (1) WO2006053954A1 (en)

Families Citing this family (71)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7197541B1 (en) 2001-06-18 2007-03-27 Palm, Inc. Method and apparatus for automated personality transfer for a wireless enabled handheld device
EP1466261B1 (en) 2002-01-08 2018-03-07 Seven Networks, LLC Connection architecture for a mobile network
WO2006045102A2 (en) 2004-10-20 2006-04-27 Seven Networks, Inc. Method and apparatus for intercepting events in a communication system
US8010082B2 (en) 2004-10-20 2011-08-30 Seven Networks, Inc. Flexible billing architecture
US7706781B2 (en) 2004-11-22 2010-04-27 Seven Networks International Oy Data security in a mobile e-mail service
FI117152B (en) 2004-12-03 2006-06-30 Seven Networks Internat Oy The introduction of mobile e-mail settings
US7752633B1 (en) 2005-03-14 2010-07-06 Seven Networks, Inc. Cross-platform event engine
US8438633B1 (en) 2005-04-21 2013-05-07 Seven Networks, Inc. Flexible real-time inbox access
US7796742B1 (en) 2005-04-21 2010-09-14 Seven Networks, Inc. Systems and methods for simplified provisioning
WO2006136660A1 (en) 2005-06-21 2006-12-28 Seven Networks International Oy Maintaining an ip connection in a mobile network
US7917468B2 (en) 2005-08-01 2011-03-29 Seven Networks, Inc. Linking of personal information management data
US7853563B2 (en) 2005-08-01 2010-12-14 Seven Networks, Inc. Universal data aggregation
US8069166B2 (en) 2005-08-01 2011-11-29 Seven Networks, Inc. Managing user-to-user contact with inferred presence information
US8468126B2 (en) 2005-08-01 2013-06-18 Seven Networks, Inc. Publishing data in an information community
US7769395B2 (en) 2006-06-20 2010-08-03 Seven Networks, Inc. Location-based operations and messaging
US7574444B2 (en) 2006-11-15 2009-08-11 Palm, Inc. Device-side data de-duping
US8135798B2 (en) 2006-11-15 2012-03-13 Hewlett-Packard Development Company, L.P. Over-the-air device services and management
US20080115152A1 (en) 2006-11-15 2008-05-15 Bharat Welingkar Server-controlled heartbeats
US7603435B2 (en) 2006-11-15 2009-10-13 Palm, Inc. Over-the-air device kill pill and lock
US8805425B2 (en) 2007-06-01 2014-08-12 Seven Networks, Inc. Integrated messaging
US8693494B2 (en) 2007-06-01 2014-04-08 Seven Networks, Inc. Polling
US8364181B2 (en) 2007-12-10 2013-01-29 Seven Networks, Inc. Electronic-mail filtering for mobile devices
US8793305B2 (en) 2007-12-13 2014-07-29 Seven Networks, Inc. Content delivery to a mobile device from a content service
US9002828B2 (en) 2007-12-13 2015-04-07 Seven Networks, Inc. Predictive content delivery
US8107921B2 (en) 2008-01-11 2012-01-31 Seven Networks, Inc. Mobile virtual network operator
US8862657B2 (en) 2008-01-25 2014-10-14 Seven Networks, Inc. Policy based content service
US20090193338A1 (en) 2008-01-28 2009-07-30 Trevor Fiatal Reducing network and battery consumption during content delivery and playback
US8787947B2 (en) 2008-06-18 2014-07-22 Seven Networks, Inc. Application discovery on mobile devices
US8078158B2 (en) 2008-06-26 2011-12-13 Seven Networks, Inc. Provisioning applications for a mobile device
US8909759B2 (en) 2008-10-10 2014-12-09 Seven Networks, Inc. Bandwidth measurement
US9043731B2 (en) 2010-03-30 2015-05-26 Seven Networks, Inc. 3D mobile user interface with configurable workspace management
WO2011143591A1 (en) * 2010-05-14 2011-11-17 Yvonne Lo Communications system including validation based upon a unique identification change and related methods
US8838783B2 (en) 2010-07-26 2014-09-16 Seven Networks, Inc. Distributed caching for resource and mobile network traffic management
JP5620578B2 (en) 2010-07-26 2014-11-05 セブン ネットワークス インコーポレイテッド Mobile network traffic adjustment across multiple applications
US9077630B2 (en) 2010-07-26 2015-07-07 Seven Networks, Inc. Distributed implementation of dynamic wireless traffic policy
WO2012018556A2 (en) 2010-07-26 2012-02-09 Ari Backholm Mobile application traffic optimization
US9060032B2 (en) 2010-11-01 2015-06-16 Seven Networks, Inc. Selective data compression by a distributed traffic management system to reduce mobile data traffic and signaling traffic
US8843153B2 (en) 2010-11-01 2014-09-23 Seven Networks, Inc. Mobile traffic categorization and policy for network use optimization while preserving user experience
US8484314B2 (en) 2010-11-01 2013-07-09 Seven Networks, Inc. Distributed caching in a wireless network of content delivered for a mobile application over a long-held request
WO2012060997A2 (en) 2010-11-01 2012-05-10 Michael Luna Application and network-based long poll request detection and cacheability assessment therefor
WO2012060995A2 (en) 2010-11-01 2012-05-10 Michael Luna Distributed caching in a wireless network of content delivered for a mobile application over a long-held request
GB2499534B (en) 2010-11-01 2018-09-19 Seven Networks Llc Caching adapted for mobile application behavior and network conditions
WO2012061430A2 (en) 2010-11-01 2012-05-10 Michael Luna Distributed management of keep-alive message signaling for mobile network resource conservation and optimization
US9330196B2 (en) 2010-11-01 2016-05-03 Seven Networks, Llc Wireless traffic management system cache optimization using http headers
WO2012061437A1 (en) 2010-11-01 2012-05-10 Michael Luna Cache defeat detection and caching of content addressed by identifiers intended to defeat cache
WO2012071283A1 (en) 2010-11-22 2012-05-31 Michael Luna Aligning data transfer to optimize connections established for transmission over a wireless network
GB2500327A (en) 2010-11-22 2013-09-18 Seven Networks Inc Optimization of resource polling intervals to satisfy mobile device requests
GB2501416B (en) 2011-01-07 2018-03-21 Seven Networks Llc System and method for reduction of mobile network traffic used for domain name system (DNS) queries
EP2700019B1 (en) 2011-04-19 2019-03-27 Seven Networks, LLC Social caching for device resource sharing and management
US8832228B2 (en) 2011-04-27 2014-09-09 Seven Networks, Inc. System and method for making requests on behalf of a mobile device based on atomic processes for mobile network traffic relief
WO2012149434A2 (en) 2011-04-27 2012-11-01 Seven Networks, Inc. Detecting and preserving state for satisfying application requests in a distributed proxy and cache system
US9239800B2 (en) 2011-07-27 2016-01-19 Seven Networks, Llc Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network
EP2789137A4 (en) 2011-12-06 2015-12-02 Seven Networks Inc A system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation
US8934414B2 (en) 2011-12-06 2015-01-13 Seven Networks, Inc. Cellular or WiFi mobile traffic optimization based on public or private network destination
GB2498064A (en) 2011-12-07 2013-07-03 Seven Networks Inc Distributed content caching mechanism using a network operator proxy
US9277443B2 (en) 2011-12-07 2016-03-01 Seven Networks, Llc Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol
US20130159511A1 (en) 2011-12-14 2013-06-20 Seven Networks, Inc. System and method for generating a report to a network operator by distributing aggregation of data
WO2013090821A1 (en) 2011-12-14 2013-06-20 Seven Networks, Inc. Hierarchies and categories for management and deployment of policies for distributed wireless traffic optimization
WO2013090834A1 (en) 2011-12-14 2013-06-20 Seven Networks, Inc. Operation modes for mobile traffic optimization and concurrent management of optimized and non-optimized traffic
EP2801236A4 (en) 2012-01-05 2015-10-21 Seven Networks Inc Detection and management of user interactions with foreground applications on a mobile device in distributed caching
WO2013116856A1 (en) 2012-02-02 2013-08-08 Seven Networks, Inc. Dynamic categorization of applications for network access in a mobile network
WO2013116852A1 (en) 2012-02-03 2013-08-08 Seven Networks, Inc. User as an end point for profiling and optimizing the delivery of content and data in a wireless network
US8812695B2 (en) 2012-04-09 2014-08-19 Seven Networks, Inc. Method and system for management of a virtual network connection without heartbeat messages
US10263899B2 (en) 2012-04-10 2019-04-16 Seven Networks, Llc Enhanced customer service for mobile carriers using real-time and historical mobile application and traffic or optimization data associated with mobile devices in a mobile network
US8775631B2 (en) 2012-07-13 2014-07-08 Seven Networks, Inc. Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications
US9161258B2 (en) 2012-10-24 2015-10-13 Seven Networks, Llc Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion
US9307493B2 (en) 2012-12-20 2016-04-05 Seven Networks, Llc Systems and methods for application management of mobile device radio state promotion and demotion
US9241314B2 (en) 2013-01-23 2016-01-19 Seven Networks, Llc Mobile device with application or context aware fast dormancy
US8874761B2 (en) 2013-01-25 2014-10-28 Seven Networks, Inc. Signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols
US8750123B1 (en) 2013-03-11 2014-06-10 Seven Networks, Inc. Mobile device equipped with mobile network congestion recognition to make intelligent decisions regarding connecting to an operator network
US9065765B2 (en) 2013-07-22 2015-06-23 Seven Networks, Inc. Proxy server associated with a mobile carrier for enhancing mobile traffic management in a mobile network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020049818A1 (en) 1998-05-29 2002-04-25 Gilhuly Barry J. System and method for pushing encrypted information between a host system and a mobile data communication device
FR2788914B1 (en) * 1999-01-22 2001-03-23 Sfr Sa Method for authentication, with establishment of a secure channel between a subscriber and a service provider accessible via an operator of telecommunication
US9628269B2 (en) * 2001-07-10 2017-04-18 Blackberry Limited System and method for secure message key caching in a mobile communication device
GB0211736D0 (en) * 2002-05-21 2002-07-03 Commtag Ltd Data communications systems

Also Published As

Publication number Publication date
WO2006053954A1 (en) 2006-05-26
EP1815634A1 (en) 2007-08-08
EP1815634A4 (en) 2013-05-08

Similar Documents

Publication Publication Date Title
CA2454218C (en) System and method for secure message key caching in a mobile communication device
US5410602A (en) Method for key management of point-to-point communications
EP2735182B1 (en) Security gateway communication
US8468126B2 (en) Publishing data in an information community
US8131281B1 (en) Mobile device monitoring and control system
US8677138B2 (en) System and method of secure authentication information distribution
US6338140B1 (en) Method and system for validating subscriber identities in a communications network
EP1540878B1 (en) Linked authentication protocols
EP1705855B1 (en) Method and System for establishing a Peer-to-peer communications channel
EP1834465B1 (en) Remote access system and method for enabling a user to remotely access a terminal equipment from a subscriber terminal
JP3951757B2 (en) Communication method through the untrusted access station
EP0788688B1 (en) Method and apparatus for secure identification of a mobile user in a communication network
EP1081895B1 (en) Secure wireless local area network
US8296825B2 (en) Method and system for a secure connection in communication networks
US8116214B2 (en) Provisioning of e-mail settings for a mobile terminal
RU2304856C2 (en) Method and system, meant for setting up a connection via access network
EP1437026B1 (en) Method and apparatus for providing privacy of user identity and characteristics in a communication system
US9059841B2 (en) Auto-discovery of a non-advertised public network address
US20040053613A1 (en) Controlling and enhancing handoff between wireless access points
US20070281664A1 (en) Portable wireless terminal and its security system
US20030120920A1 (en) Remote device authentication
JP4632618B2 (en) User data automatic change system
JP4488719B2 (en) Fast authentication or re-authentication between layers for network communication
US20050177515A1 (en) Wi-Fi service delivery platform for retail service providers
CA2518032C (en) Methods and software program product for mutual authentication in a communications network

Legal Events

Date Code Title Description
17P Request for examination filed

Effective date: 20070606

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (to any country) (deleted)
R17P Request for examination filed (corrected)

Effective date: 20070606

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/00 20060101AFI20130403BHEP

Ipc: H04L 12/58 20060101ALI20130403BHEP

A4 Supplementary search report drawn up and despatched

Effective date: 20130409

17Q First examination report despatched

Effective date: 20140131

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602005045640

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0009000000

Ipc: H04L0012580000

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 12/58 20060101AFI20140619BHEP

Ipc: H04L 29/06 20060101ALI20140619BHEP

INTG Intention to grant announced

Effective date: 20140709

RAP1 Rights of an application transferred

Owner name: SEVEN NETWORKS, INC.

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: T3

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 706409

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150215

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602005045640

Country of ref document: DE

Effective date: 20150226

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 706409

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150107

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150407

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150408

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150507

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602005045640

Country of ref document: DE

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 11

26N No opposition filed

Effective date: 20151008

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151121

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 12

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20051121

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 13

PG25 Lapsed in a contracting state [announced from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150107

PGFP Annual fee paid to national office [announced from national office to epo]

Ref country code: NL

Payment date: 20181126

Year of fee payment: 14

PGFP Annual fee paid to national office [announced from national office to epo]

Ref country code: DE

Payment date: 20181128

Year of fee payment: 14

Ref country code: IE

Payment date: 20181126

Year of fee payment: 14

PGFP Annual fee paid to national office [announced from national office to epo]

Ref country code: CH

Payment date: 20181204

Year of fee payment: 14

Ref country code: GB

Payment date: 20181127

Year of fee payment: 14

Ref country code: FR

Payment date: 20181127

Year of fee payment: 14